From fc67ec71a2e5a297068aeb17e044a0021d3e9bde Mon Sep 17 00:00:00 2001 From: Neil Date: Mon, 27 Sep 2010 16:48:10 -0700 Subject: [PATCH 1/3] removing unused script. --- tools/end-to-end.sh | 109 -------------------------------------------- 1 file changed, 109 deletions(-) delete mode 100755 tools/end-to-end.sh diff --git a/tools/end-to-end.sh b/tools/end-to-end.sh deleted file mode 100755 index db3b8ebfc71..00000000000 --- a/tools/end-to-end.sh +++ /dev/null 
@@ -1,109 +0,0 @@ -#!/bin/bash -#Copyright (c) 2009 Eucalyptus Systems, Inc. -# -#This program is free software: you can redistribute it and/or modify -#it under the terms of the GNU General Public License as published by -#the Free Software Foundation, only version 3 of the License. -# -#This file is distributed in the hope that it will be useful, but WITHOUT -#ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -#FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -#for more details. -# -#You should have received a copy of the GNU General Public License along -#with this program. If not, see . -# -#Please contact Eucalyptus Systems, Inc., 130 Castilian -#Dr., Goleta, CA 93101 USA or visit -#if you need additional information or have any questions. -# -#This file may incorporate work covered under the following copyright and -#permission notice: -# -# Software License Agreement (BSD License) -# -# Copyright (c) 2008, Regents of the University of California -# -# -# Redistribution and use of this software in source and binary forms, with -# or without modification, are permitted provided that the following -# conditions are met: -# -# Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# -# Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS -# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED -# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A -# PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER -# OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. USERS OF -# THIS SOFTWARE ACKNOWLEDGE THE POSSIBLE PRESENCE OF OTHER OPEN SOURCE -# LICENSED MATERIAL, COPYRIGHTED MATERIAL OR PATENTED MATERIAL IN THIS -# SOFTWARE, AND IF ANY SUCH MATERIAL IS DISCOVERED THE PARTY DISCOVERING -# IT MAY INFORM DR. RICH WOLSKI AT THE UNIVERSITY OF CALIFORNIA, SANTA -# BARBARA WHO WILL THEN ASCERTAIN THE MOST APPROPRIATE REMEDY, WHICH IN -# THE REGENTS’ DISCRETION MAY INCLUDE, WITHOUT LIMITATION, REPLACEMENT -# OF THE CODE SO IDENTIFIED, LICENSING OF THE CODE SO IDENTIFIED, OR -# WITHDRAWAL OF THE CODE CAPABILITY TO THE EXTENT NEEDED TO COMPLY WITH -# ANY SUCH LICENSES OR RIGHTS. -# - - - -echo -n "REGISTERING IMAGE..." -echo "ec2-register -U http://angelcrest.cs.ucsb.edu:9090/services/Eucalyptus ttylinux" -AMIID=`ec2-register -U http://angelcrest.cs.ucsb.edu:9090/services/Eucalyptus ttylinux | awk '{print $2}'` -echo "DONE: got AmiId $AMIID" -echo "--------------------------------------------------------------------------------" -echo - -echo "DESCRIBING INSTANCES..." -echo "ec2-describe-instances -U http://angelcrest.cs.ucsb.edu:9090/services/Eucalyptus " -ec2-describe-instances -U http://angelcrest.cs.ucsb.edu:9090/services/Eucalyptus -echo "DONE." -echo "--------------------------------------------------------------------------------" -echo - -echo "RUNNING INSTANCES..." 
-echo "ec2-run-instances -U http://angelcrest.cs.ucsb.edu:9090/services/Eucalyptus $AMIID -n 4" -ec2-run-instances -U http://angelcrest.cs.ucsb.edu:9090/services/Eucalyptus $AMIID -n 4 - -echo "DONE." -echo "--------------------------------------------------------------------------------" -echo - -echo "DESCRIBING INSTANCES..." -echo "ec2-describe-instances -U http://angelcrest.cs.ucsb.edu:9090/services/Eucalyptus " -ec2-describe-instances -U http://angelcrest.cs.ucsb.edu:9090/services/Eucalyptus -echo "DONE." -echo "--------------------------------------------------------------------------------" -echo - -export TSTR="" -for i in `ec2-describe-instances -U http://angelcrest.cs.ucsb.edu:9090/services/Eucalyptus | grep INSTANCE | awk '{print $2}'` -do - TSTR="$TSTR $i" -done - -echo "TERMINATING INSTANCES: $TSTR" -echo "ec2-terminate-instances -U http://angelcrest.cs.ucsb.edu:9090/services/Eucalyptus $TSTR" -ec2-terminate-instances -U http://angelcrest.cs.ucsb.edu:9090/services/Eucalyptus $TSTR - -echo "DESCRIBING INSTANCES..." -echo "ec2-describe-instances -U http://angelcrest.cs.ucsb.edu:9090/services/Eucalyptus " -ec2-describe-instances -U http://angelcrest.cs.ucsb.edu:9090/services/Eucalyptus -echo "DONE." -echo "--------------------------------------------------------------------------------" -echo - -echo "DONE." From 8e5636c276a5883bae83b561f7d804517f52c3f3 Mon Sep 17 00:00:00 2001 From: Neil Date: Tue, 28 Sep 2010 10:51:51 -0700 Subject: [PATCH 2/3] check all generated user creds (not just the very recent) when verifying images. --- .../cloud/ws/WalrusImageManager.java | 20 ++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/clc/modules/walrus/src/main/java/edu/ucsb/eucalyptus/cloud/ws/WalrusImageManager.java b/clc/modules/walrus/src/main/java/edu/ucsb/eucalyptus/cloud/ws/WalrusImageManager.java index 87914bf1c67..ea1a4371502 100644 --- a/clc/modules/walrus/src/main/java/edu/ucsb/eucalyptus/cloud/ws/WalrusImageManager.java 
+++ b/clc/modules/walrus/src/main/java/edu/ucsb/eucalyptus/cloud/ws/WalrusImageManager.java
@@ -232,11 +232,12 @@ private String decryptImage(String bucketName, String objectKey, String userId,
 try {
 boolean verified = false;
 for(User user:Users.listAllUsers( )) {
- X509Certificate cert = user.getX509Certificate( );
- if(cert != null)
- verified = canVerifySignature(sigVerifier, cert, signature, verificationString);
- if(verified)
- break;
+ for (X509Certificate cert : user.getAllX509Certificates()) {
+ if(cert != null)
+ verified = canVerifySignature(sigVerifier, cert, signature, verificationString);
+ if(verified)
+ break;
+ }
 }
 if(!verified) {
 X509Certificate cert = SystemCredentialProvider.getCredentialProvider(Component.eucalyptus).getCertificate();
@@ -260,8 +261,13 @@ private String decryptImage(String bucketName, String objectKey, String userId,
 throw new AccessDeniedException(userId,e);
 }
 try {
- X509Certificate cert = user.getX509Certificate( );
- signatureVerified = canVerifySignature(sigVerifier, cert, signature, verificationString);
+ for(X509Certificate cert : user.getAllX509Certificates()) {
+ if(cert != null) {
+ signatureVerified = canVerifySignature(sigVerifier, cert, signature, verificationString);
+ }
+ if(signatureVerified)
+ break;
+ }
 } catch(Exception ex) {
 db.rollback();
 LOG.error(ex, ex);
From 373ab30a8d48aabe461591f7d9f63853d5654965 Mon Sep 17 00:00:00 2001
From: Neil
Date: Tue, 28 Sep 2010 11:46:18 -0700
Subject: [PATCH 3/3] fixed case where image decryption (not caching) won't be retried if it fails the first time for a specific bucket/manifest.
---
 .../edu/ucsb/eucalyptus/cloud/ws/WalrusImageManager.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/clc/modules/walrus/src/main/java/edu/ucsb/eucalyptus/cloud/ws/WalrusImageManager.java b/clc/modules/walrus/src/main/java/edu/ucsb/eucalyptus/cloud/ws/WalrusImageManager.java
index ea1a4371502..ac02631c8ba 100644
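Review bot: In the hunk at `@@ -232,11 +232,12 @@`, the new `break` leaves only the inner certificate loop, so the outer `for(User user:Users.listAllUsers( ))` keeps running and the next user's first non-null certificate overwrites `verified` with a fresh result. A signature that verified against an earlier user's certificate can therefore end up rejected, or fall through to the system-certificate check that follows, depending on user order. Add `if(verified) break;` directly after the inner loop's closing brace, still inside the outer loop. The enclosing decryptImage body starts and ends outside the hunk.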
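Review bot: In the hunk at `@@ -260,8 +261,13 @@`, looping over `user.getAllX509Certificates()` lets any certificate ever issued to the user vouch for the manifest signature, and nothing visible here excludes revoked or superseded ones. Whether the accessor already filters them cannot be told from this hunk; if it does not, an image signed with a credential the user has since revoked would still verify. Confirm that behaviour and record it above the loop with a comment such as `// getAllX509Certificates() must return only non-revoked certs; a revoked credential must not verify an image`. The same question applies to the all-users loop in the first hunk.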
--- a/clc/modules/walrus/src/main/java/edu/ucsb/eucalyptus/cloud/ws/WalrusImageManager.java
+++ b/clc/modules/walrus/src/main/java/edu/ucsb/eucalyptus/cloud/ws/WalrusImageManager.java
@@ -522,7 +522,12 @@ private synchronized void cacheImage(String bucketName, String manifestKey, Stri
 ImageCacher imageCacher = imageCachers.putIfAbsent(bucketName + manifestKey, new ImageCacher(bucketName, manifestKey, decryptedImageKey));
 if(imageCacher == null) {
 if(decryptedImageKey == null) {
- decryptedImageKey = decryptImage(bucketName, manifestKey, userId, isAdministrator);
+ try {
+ decryptedImageKey = decryptImage(bucketName, manifestKey, userId, isAdministrator);
+ } catch(EucalyptusCloudException ex) {
+ imageCachers.remove(bucketName + manifestKey);
+ throw ex;
+ }
 //decryption worked. Add it.
 ImageCacheInfo foundImageCacheInfo = new ImageCacheInfo(bucketName, manifestKey);
 foundImageCacheInfo.setImageName(decryptedImageKey);
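Review bot: The cleanup in the new `catch(EucalyptusCloudException ex)` runs only for that checked type, so an unchecked exception escaping `decryptImage` (a NullPointerException, say) still leaves the placeholder entry under `bucketName + manifestKey` in `imageCachers`, and the retry this commit restores is blocked again. Add a second handler, `} catch(RuntimeException ex) { imageCachers.remove(bucketName + manifestKey); throw ex; }`, or move the removal into a `finally` guarded by a success flag. The map key is also a bare concatenation with no separator, so two different bucket/manifest pairs can produce the same key and the new `remove` could evict the other pair's entry; that predates this hunk, but the added line repeats it. cacheImage's body continues outside the hunk.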